
starhopper

Posted 21 November 2005 - 01:55 PM

starhopper

Member

Topic Starter

Member

36 posts

/==========
\==========

Hi Leena;
Sorry so late getting back to you. I had to purchase the full Webroot SpySweeper 4.5, so getting thru that, the download & install took a while.
During the install, it immediately asks if a current update is wanted, so I took 'Yes'....and before the app window closes it then asks to start the sweep so I again took 'Yes'.
I did not have your instructions ('What to Sweep' options) available to me at the moment, but when done I saved the session log, & it is pasted below.
As soon as it finished, I did access your instructions, and saw the couple of changes needed (mainly, clicking to not skip the Restore folder)...made the necessary adjustments and ran another sweep -- and have pasted that (2nd) session log below the first one here.

Comment - GOOD GRIEF! Makes ya wonder what good all that other stuff I've got running/shielding is actually doing! *sigh*

What's next....think that did it? Oh.....and the 'findings' seem (by my memory) kinda different than what Panda reported as being in there....were any/all of these the actual 'booger' or associated?? Curious.

And, hope I didn't get you upset by asking that we dig a little deeper.
Warmest regards,
~Jay
<><><><><><><>

starhopper

Posted 21 November 2005 - 02:34 PM


Something else has roused my curiosity....
I noticed something that was 'found' in the first SpySweeper scan, namely:
HKU\WRSS_Profile_S-1-5-21-3403482629-370423927-1386743413-1008\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\180search assistant\ (1 subtraces) (ID = 972193) .... which contains the '180search' indicator....
....was still there, and found, in the 2nd scan.
Why didn't that get cleaned &/or quarantined, if it's a 'booger'??
Also, where is this 'HKU\WRSS....' folder or file in my computer? I did a Search to see if it was actually cleaned out (by the 2nd scan)....and didn't find it.... searching 'Programs', tried again in C: drive, and a 3rd time using 'My Computer'. The last 'full' search, I even specified to search hidden & system files....with no result.

Maiestas

Posted 21 November 2005 - 02:47 PM

starhopper

Posted 21 November 2005 - 04:46 PM


I'll hold off until I hear from you. Wouldn't do any good anyway, I don't think. Had brainfart earlier & didn't think of it until just a few mins ago, but re-booted and they're right back again. Ewido scan:

Maiestas

Posted 21 November 2005 - 07:04 PM

starhopper

Posted 22 November 2005 - 03:53 PM


4:50 PM 11/22/2005
Checked in Add/Remove Program area as you requested....no mention of Midaddle in there in any form - I looked carefully.

Supplemental:

Late last night my system seized up on me, & had to reboot. Being still 'fresh' from being found "clean" by a prior SpySweeper scan, I decided that prior to running Ewido before doing anything else (which I've been doing to "clean" the 72 MidAddle boogers immediately after each Windows start, since acquiring them), to try an experiment.
I went ahead & dialed into the www, and downloaded latest updates for, then scanned with each one of my "security" apps - in the following order: (Note: Order proceeded from update to immediate scan & repeat for next, with NO intermittent nor concurrent web browsing -- ONLY these malware program sites were visited.):

3)- Spyware Blaster (~5:00am)
Spyware Blaster of course is a prevention app, and doesn't 'scan' on command. It searched for and found an available update, and after downloading, it informed me that '15 items were now unprotected' and encouraged me (with hyperlink command) to enable those protections. Clicked, to do so.

SpySweeper immediately sprang up, saying it had detected that program 'C:\..?..?..?..SPYWAREBLASTER.EXE' was attempting to change IE browser security settings, and "....recommends you do not allow these changes." I barely had time to finish reading the warning statement when Spyware Blaster came to the front again, and as I was recognizing what this window was, noticed at the bottom a 'progress bar' indicating it was about 2/3's complete, and I only had 3-4 seconds to react but could see no way to stop it before it had finished....before I could even touch the ESC key (?), and it was done.

(Comment: Conflict between actions of recommended software. I don't even know where to look to determine what the IE changes were that SB enacted. I plan to contact both vendors re this inequity. The fact that SB proceeded without my ever approving the actions, deeply concerns me!)
Addendum: While preparing this, found in SpySweeper log file:
"5:03 AM: IE Security Shield: found: C:\PROGRAM FILES\SPYWAREBLASTER\SPYWAREBLASTER.EXE -- IE Security modification denied
********"
So......did it stop the SB attempt or NOT?? SB's progress bar seemed to indicate it completed the task.

Comments: The named desktop folder (Midaddle1020) is the folder I created when we originally began this thread/quest, and these seem to be backups of files deleted when we ran the 'Apropos.C' fix earlier last week -- is that what they are? Should I delete them - seeing as how Symantec is still viewing them as a 'Threat'?? And, oddly, checking that folder, I don't SEE any of these files actually IN there - nor any subfolder named 'backups'!!
Whaaa......????

As for the Apropos fix that I had you download, you can get rid of it. We're done with that and your scans are picking up the backups that were made. Again, what Panda scan is picking up is Fine!!! It's not a threat.

Again, does that (deletion) get rid of those backup files the scan was picking up? If not, I don't know / can't find where they are residing - don't see them in this, the only 'aproposfix' folder I'm aware of.

And again let me extend my sincerest thanks for your help. It is very much appreciated. Without you guys, I don't know where we would be.
~Jay

starhopper

Posted 23 November 2005 - 07:25 AM


Darn it - forgot I wanted to ask:
When I'm running my weekly scans routine - Ad-Aware, Spybot, Symantec, etc etc - is it ok to run more than one at a time, or should I continue just running one after another?

I'm wanting to set up a process to do them automatically, like late at night when I'm off the 'puter, & not sure how to go about scheduling.